CalECPA and the Legacy of Digital Privacy: An Open Letter to Gov. Jerry Brown
Dear Gov. Brown,
Electronics, computers, satellites, biotechnology, robotics – these are no longer dreams. They are the driving imperative that is restructuring the world economy. These new technologies are fundamentally changing our communications, agriculture, environment, schooling, financial institutions, family life and our national security.
California is now the leader in these technologies, but we will not remain so unless we mobilize the political will and individual responsibility to act.
Those were your words, delivered on January 9, 1982 — your final State of the State Address as the 34th governor of California. They are just as true and inspiring today as they were at the dawn of the age of personal computing.
My name is Dave Maass and I work at the Electronic Frontier Foundation in San Francisco. I am writing to you today as someone who has heeded your words and taken individual responsibility to act. I am also writing as part of a movement that has mobilized the political will to put a bill on your desk — S.B 178, also known as the California Electronic Communications Privacy Act or CalECPA. The hard truth is California is no longer a leader, not when it comes to how our privacy laws are applied in an era of constant technological growth. We need your signature on this legislation to rebuild trust in the digital economy and the technologies you have long championed.
Gov. Brown, I’ve been digging into historical documents for any hint about what action you might take on CalECPA. I’ve been impressed by your early work on computer literacy in the education system (InfoWorld talked about your “three C’s”: “computing, calculation, and communication with technology”) and the long term impact those measures have had on this current generation of innovators.
News articles talk about how you struggled with the “cryptic documentation” for your own Apple III and your friendship with Steve Jobs at the Los Altos Zen Center. Another Apple co-founder, Steve Wozniak, and early employee Dan Cochran tell a humorous story about how, shortly after you left office in 1983, you took a tour of Apple’s Lisa offices—creating a gossip shockwave that you might become the new CEO of the company.
The future you envisioned and nurtured in the late 1970s and early 1980s has come to pass. You presided over the birth of a digital revolution and many of the actions you took as governor helped propel California to the forefront of innovation. Ask anyone who’s moved to California from anywhere else in the world: it’s like taking a ride in a time machine to a science fiction wonderland.
With one exception: our laws. As our devices have shrunk, as their storage capacity has grown, as cloud services have begun hosting more of our information, as we shift to a paperless society, our laws have failed to reflect the privacy protections enshrined in the California Constitution: the guarantee that the people be free from unreasonable searches and seizures. When it comes to our data, we are not being treated with the fairness and respect for our privacy and dignity that the state Constitution requires. New technology may address a lot of contemporary challenges, but problems with the law can only be solved by the same age-old system: the legislative process.
Law enforcement needs a warrant to search through our filing cabinets and drawers, but the law doesn’t provide the same protections for our digital information. CalECPA would ensure police get a warrant for our electronic records, including emails and locational data, regardless of whether it’s held on a device or by online service providers.
The lack of legal clarity — with rules guided by inconsistent case law, rather than legislation — isn’t just bad for individual privacy. The status quo is also bad for the companies we entrust our data to and the public safety officers who have to navigate the gray areas to protect us.
In 1982, you asked California to mobilize the political will to sustain our status at the top. That is exactly what has happened around S.B. 178 and the issue of digital privacy. The bipartisan bill, sponsored by Sen. Mark Leno (D-San Francisco) and Sen. Joel Anderson (R-San Diego), has drawn support across the spectrum.
A recent poll shows that 82% of Californians believe that a warrant should be required for our data. The long list of the bill’s backers include organizations, such as:
- Privacy and civil liberties groups: ACLU, Privacy Rights Clearinghouse, Electronic Frontier Foundation, Center for Democracy and Technology, Tech Freedom, and Restore the Fourth
- Business and consumer interests: California Chamber of Commerce, Small Business California, Bay Area Council, Consumer Federation, and Consumer Action
- Media and library organizations: California Newspaper Publishers Association, the American Library Association, Media Alliance, Center for Media Justice, and the Internet Archive. (Plus the editorial boards of the Sacramento Bee, Los Angeles Times, and San Francisco Chronicle.)
- Community justice organizations: Color of Change, Asian Americans Advancing Justice, Centro Legal de la Raza, CAIR, and the National Center for Lesbian Rights
- Child advocates: ConnectSafely and Common Sense Media
Not only are public interest groups and law professors supporting the legislation, but virtually all of California’s large Internet companies — Google, Facebook, Adobe, Twitter, Mozilla, Foursquare, reddit, Dropbox, and, of course, Apple — have thrown their weight behind the bill. (It’s amusing to think that, had the Apple rumor been true, you might very well be standing with us today to ask for another governor’s signature.)
LinkedIn, a global hub for connecting employers with talent, emphasized that this bill is crucial to ensuring California’s leadership in not just technology, but all economic sectors. As Pablo Chavez, Vice President for Global Public Policy and Government Affairs, writes:
By our estimate, 60 percent of California’s workforce uses LinkedIn — and a critical component to their efforts to generate economic opportunity for themselves and others is updating and modernizing the laws that govern access to digital data and communications. [S.B. 178] would help achieve that goal by adding much needed clarity and transparency to existing government access laws, while not unduly hindering legitimate law enforcement investigations.
In years past, law enforcement was resistant to change. This time, after much negotiation, the state’s most influential law enforcement organizations—California District Attorneys Association, California Police Chiefs Association, California State Sheriffs' Association, and the California Statewide Law Enforcement Association—all withdrew their opposition to S.B. 178. The bill does not affect law enforcement’s ability to access basic subscriber information or conduct undercover investigations, and police can get data in emergency situations—when someone’s life is on the line—without a warrant. This emergency provision is balanced with meaningful accountability measures that will bolster public trust.
As the California Sheriffs Association wrote in their neutrality letter: CalECPA ensures “the correct balance is struck between the need for law enforcement to obtain information regarding criminal activities from electronic communications and the privacy interests of those who use email and other forms of electronic communication.”
The San Diego Police Officers Association, representing more than 1,850 sworn officers, has put its full support behind the bill as well. From their perspective, the current legal framework for obtaining digital records is fraught with uncertainty, presenting numerous problems for law enforcement. One reason is the processes for complying with government requests vary widely company to company. As SDPOA President Brian Marvel writes:
In its current form, SB 178 strengthens community relationships and increases transparency without impeding on law enforcement’s ability to serve the needs of their communities. This bill does so by providing a clear process for government or law enforcement agencies seeking access to electronic information such as data stored on cell phones, electronic devices, emails, and digital documents.
SB 178 modernizes the current law to account for assuring privacy of personzal information of Californians regardless of the format in which it is stored.
Hawaii and Texas have both passed laws requiring warrants for content. Illinois, Indiana, Maryland, Minnesota, Montana, Washington and Wisconsin have all passed laws requiring warrants for locational data. Maine and Utah (the latter has been called the “next Silicon Valley”) have passed laws requiring warrants for both.
Gov. Brown, it’s California’s turn.
A captivating portrait of you hangs in the state Capitol. If a visitor looks closely, the inscription reads:
“We can pioneer the new technologies that emphasize quality over quantity and we can make the tools to lift millions out of poverty and ignorance. The world still looks to California.”
The world still looks to California, but now California looks to you. Please sign S.B. 178.
Electronic Frontier Foundation
It’s time to update California’s privacy laws. Tell Gov. Jerry Brown to sign S.B. 178 (CalECPA) today.